DETAILED ACTION

This action is responsive to the application filed on August 16, 2001. Claims 1-50 are 
pending. Claims 1-50 represent a method for monitoring data sent from a computer. 



Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 47-48 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

Claims 47 and 48 recite the limitation "the apparatus" in claim 48. There is
insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

Claims 1-7, 9-13, 25-31, 33-37, and 49 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Duvall et al. US Patent No. 5,884,033. 

Duvall discloses the invention as claimed including data transfer monitoring (see 
abstract). 

As per claims 1, 25, and 49, Duvall teaches a method, apparatus and computer program
product in a computer system, for monitoring data from a computer, comprising: 

detecting a request for an outgoing transfer of data from a program in the computer 
system destination (checking outgoing data being transferred; column 3, lines 13-49); 

determining whether the destination is trusted site (column 3, lines 64-67; column 4, lines 
1-21); and 

performing a corrective action if the destination is not a trusted site (column 4, lines 11-21).

As per claims 2 and 26, Duvall teaches the method and apparatus of claims 1 and 25 
wherein the step of determining whether the destination is a trusted site comprises matching the 
destination against a list of trusted sites (column 4, lines 1-11).

As per claims 3 and 27, Duvall teaches the method and apparatus of claims 1 and 25 
wherein the corrective action comprises blocking the outgoing transfer (column 4, lines 12-21; 
column 6, lines 20-26). 

As per claims 4 and 28, Duvall teaches the method and apparatus of claims 1 and 25 
wherein the corrective action comprises disabling the program (column 4, lines 56-64). 

As per claims 5 and 29, Duvall teaches the method and apparatus of claims 1 and 25 
wherein the step of performing a comprises: 

changing the destination of the outgoing transfer the computer system (column 4, lines
65-67; column 5, lines 1-29; column 6, lines 20-26); and 

determining whether the program operates in response to the changed destination 
(column 4, lines 51-64; column 5, lines 61-64). 

As per claims 6 and 30, Duvall teaches the method and apparatus of claims 1 and 25 
wherein the step of performing a corrective action comprises: 

irreversibly encrypting the data (column 5, lines 30-51); and 

determining whether the program operates in response to the encryption (column 5, lines 61-64).

As per claims 7 and 31, Duvall teaches the method and apparatus of claims 1 and 30 
wherein the step of irreversibly encrypting the data comprises injecting random numbers into the 
data (column 5, lines 30-51). 

As per claims 9 and 33, Duvall teaches the method and apparatus of claims 1 and 25 
further comprising: 

determining whether the data includes personal information (column 7, lines 40-60; 
column 8, lines 8, lines 1-16); and 

performing a corrective action if the data includes personal information (column 7, lines 
40-60; column 8, lines 1-16). 

As per claims 10 and 34, Duvall teaches the method and apparatus of claims 1 and 33
wherein the step of determining whether the data includes personal information comprises 
performing a text string or search binary pattern search on the data (column 6, lines 29-59). 

As per claims 11 and 35, Duvall teaches the method and apparatus of claims 1 and 25
wherein the step of performing a corrective action comprising storing a log of the outgoing 
transfer (column 8, lines 1-62). 

As per claims 12 and 36, Duvall teaches the method and apparatus of claims 11 and 35
wherein the step of storing a log comprises storing a log of the outgoing transfer comprises 
storing the data (column 8, lines 1-62). 

As per claims 13 and 37, Duvall teaches the method and apparatus of claims 11 and 35
further comprising transferring the log to a remote computer (column 7, lines 16-29; column 8, 
lines 1-62). 



Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 8, 14-24, 32, 38-48, and 50 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Duvall US Patent No. 5,884,033 in view of Lin et al US Patent No. 6,751,668. 

Lin discloses the invention substantially as claimed including denial of service attack 
blocking (see abstract). 

As per claims 8 and 32, Duvall teaches the method and apparatus of claims 1 and 25. 
Duvall does not disclose further comprising: 

determining whether the amount of data for the outgoing transfer is uncharacteristically
high; performing a corrective action if the amount of data is uncharacteristically high.

Lin discloses determining whether the amount of data for the outgoing transfer is
uncharacteristically high (column 2, lines 25-33, 43-55);

performing a corrective action if the amount of data is uncharacteristically high (column
2, lines 33-42, 56-62).

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to combine monitoring outgoing traffic of Duvall with monitoring amount of data of 
Lin. A person of ordinary skill in the art would have been motivated to do this to enhance the 
monitoring filters of the system. 

As per claims 14, 38 and 50, Duvall teaches a method, apparatus and computer program 
product in a computer system for monitoring data from a computer, comprising: 

detecting a request for an outgoing transfer of data from a program in the computer 
system destination (column 3, lines 13-49); and

performing a corrective action (column 4, lines 11-21).

Duvall does not teach determining whether the amount of the data is uncharacteristically 
high; and performing a corrective action if the amount of the data is uncharacteristically high. 

Lin teaches determining whether the amount of data for the outgoing transfer is
uncharacteristically high (column 2, lines 25-33, 43-55);

performing a corrective action if the amount of data is uncharacteristically high (column 
2, lines 33-42, 56-62). 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to combine monitoring outgoing traffic of Duvall with monitoring amount of data of 
Lin. A person of ordinary skill in the art would have been motivated to do this to enhance the 
monitoring filters of the system. 

As per claims 15 and 39, Duvall teaches the method and apparatus of claims 14 and 38 
wherein the corrective action comprises blocking the outgoing transfer (Duvall column 4, lines 
12-21; column 6, lines 20-26). 

As per claims 16 and 40, Duvall teaches the method and apparatus of claims 14 and 38 
wherein the corrective action comprises disabling the program (Duvall column 4, lines 56-64). 

As per claims 17 and 41, Duvall teaches the method and apparatus of claims 14 and 38 
wherein the step of performing a comprises: 

changing the destination of the outgoing transfer the computer system (Duvall column 4,
lines 65-67; column 5, lines 1-29; column 6, lines 20-26); and 

determining whether the program operates in response to the changed destination (Duvall 
column 4, lines 51-64; column 5, lines 61-64). 

As per claims 18 and 42, Duvall teaches the method and apparatus of claims 14 and 38
wherein the step of performing a corrective action comprises:

irreversibly encrypting the data (Duvall column 5, lines 30-51); and 

determining whether the program operates in response to the encryption (Duvall column
5, lines 61-64).

As per claims 19 and 43, Duvall teaches the method and apparatus of claims 18 and 38 
wherein the step of irreversibly encrypting the data comprises injecting random numbers into the 
data (Duvall column 5, lines 30-51). 

As per claims 20 and 44, Duvall teaches the method and apparatus of claims 14 and
38 further comprising:

determining whether the data includes personal information (Duvall column 7, lines 40- 
60; column 8, lines 8, lines 1-16); and 

performing a corrective action if the data includes personal information (Duvall column 
7, lines 40-60; column 8, lines 1-16). 

As per claims 21 and 45, Duvall teaches the method and apparatus of claims 20 and 38
wherein the step of determining whether the data includes personal information comprises 
performing a text string or search binary pattern search on the data (Duvall column 6, lines 29- 
59). 

As per claims 22 and 46, Duvall teaches the method and apparatus of claims 14 and 38 
wherein the step of performing a corrective action comprising storing a log of the outgoing 
transfer (Duvall column 8, lines 1-62). 

As per claims 23 and 47, Duvall teaches the method and apparatus of claims 22 and 46 
wherein the step of storing a log comprises storing a log of the outgoing transfer comprises 
storing the data (Duvall column 8, lines 1-62). 

As per claims 24 and 48, Duvall teaches the method and apparatus of claims 22 and 46
further comprising transferring the log to a remote computer (Duvall column 7, lines 16-29; 
column 8, lines 1-62). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Converse et al U.S. Patent Publication No. 2002/0143963 discloses monitoring data 
transfer. 

Eichstaedt et al. U.S. Patent No. 6,662,230 discloses monitoring data transfer. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Uzma Alam whose telephone number is (571) 272-3995. The
examiner can normally be reached on Monday-Tuesday 11:30am-8pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Uzma Alam
ua 